GSA set to approve first fast-tracked CSPs

The first participants in the Federal Risk and Authorization Management Program’s fast-track approval process for cloud service providers will graduate in the coming weeks, a top FedRAMP official said.

FedRAMP began testing a new accelerated process with three providers -- Unisys' Secure Private Cloud for Government, Microsoft's Customer Relationship Management and 18F's Cloud.gov -- back in the spring.

Claudio Belloli, FedRAMP program manager for cybersecurity, told FCW at a GovLoop cybersecurity conference on Aug. 23 that Microsoft's CRM will probably be the first to be approved via FedRAMP Accelerated. The others will definitely be cleared in the fall, he added.

Under FedRAMP Accelerated, CSPs must have a third-party assessment organization conduct an initial capabilities assessment before diving into detailed documentation. If the 3PAO gives the cloud service passing marks and the FedRAMP team agrees, the CSP is declared "FedRAMP Ready."

FedRAMP's approval process has sometimes frustrated CSPs and agencies alike, largely because of the time and cost involved in securing a provisional authority to operate. Before FedRAMP Accelerated was launched, the fastest approval took five months. GSA officials had said the average review time was nine to 18 months.